starlingx/docs
Code Issues Proposed changes
d466920c10
docs/doc/source/admintasks/kubernetes/kubernetes-admin-tutorials-authentication-and-authorization.rst

60 lines
2.3 KiB
ReStructuredText
Raw Normal View History

Updated Patch Set 5 to include review comments Changed name of file to: admin-application-commands-and-helm-overrides.rst Updated Strings.txt Updated formatting issues: installing-and-running-cpu-manager-for-kubernetes.rst Updated Patch Set 4 to include review comments Admin Tasks Updated Changed name of include file to: isolating-cpu-cores-to-enhance-application-performance.rest Change-Id: I0b354dda3c7f66da3a5d430839b5007a6a19cfad Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Signed-off-by: Stone <ronald.stone@windriver.com> Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2020-12-07 16:10:59 -05:00
.. khe1563458421728
.. _kubernetes-admin-tutorials-authentication-and-authorization:
Editorial updates - Admin Tasks, User tasks, and Updates and Upgrades Guides. Acted on Greg's comments Patch 1: Acted on Greg's comments and added the missing files. Patch 2: Solved merge conflicts Signed-off-by: egoncalv <elisamaraaoki.goncalves@windriver.com> Change-Id: I70c5d3b9c3927320f977b62878ee60ab9956fc91
2021-05-21 17:03:32 -03:00
=======================================================
 Local Docker Registry Authentication and Authorization
=======================================================
Updated Patch Set 5 to include review comments Changed name of file to: admin-application-commands-and-helm-overrides.rst Updated Strings.txt Updated formatting issues: installing-and-running-cpu-manager-for-kubernetes.rst Updated Patch Set 4 to include review comments Admin Tasks Updated Changed name of include file to: isolating-cpu-cores-to-enhance-application-performance.rest Change-Id: I0b354dda3c7f66da3a5d430839b5007a6a19cfad Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Signed-off-by: Stone <ronald.stone@windriver.com> Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2020-12-07 16:10:59 -05:00
Authentication is enabled for the local Docker registry. When logging in,
users are authenticated using their platform keystone credentials.
For example:
.. code-block:: none
$ docker login registry.local:9001 -u <keystoneUserName> -p <keystonePassword>
Remove spurious escapes (r8,dsR8) This change addresses a long-standing issue in rST documentation imported from XML. That import process added backslash escapes in front of various characters. The three most common being '(', ')', and '_'. These instances are removed. Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: Id43a9337ffcd505ccbdf072d7b29afdb5d2c997e
2023-02-28 14:02:05 +00:00
An authorized administrator ('admin' and 'sysinv') can perform any Docker
action. Regular users can only interact with their own repositories (i.e.
registry.local:9001/<keystoneUserName>/). Any authenticated user can pull from
CephFS RWX Support in Host-based Ceph Incorporated patchset 1 review comments Updated patchset 5 review comments Updated patchset 6 review comments Fixed merge conflicts Updated patchset 8 review comments Change-Id: Icd7b08ab69273f6073b960a13cf59905532f851a Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2021-04-19 00:22:38 -04:00
the following list of public images:
Update admin tasks folder There are some minor modifications in the content of the files Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: If315582a3213d121712c45f2ed5817899b76ded9
2021-03-05 09:23:14 -03:00
.. _kubernetes-admin-tutorials-authentication-and-authorization-d383e50:
- registry.local:9001:/public/\*
- registry.local:9001:/k8s.gcr.io/pause
- registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver
The **mtce** user can only pull public images, but cannot push any images.
For example, only **admin** and **testuser** accounts can push to or pull from
Updated Patch Set 5 to include review comments Changed name of file to: admin-application-commands-and-helm-overrides.rst Updated Strings.txt Updated formatting issues: installing-and-running-cpu-manager-for-kubernetes.rst Updated Patch Set 4 to include review comments Admin Tasks Updated Changed name of include file to: isolating-cpu-cores-to-enhance-application-performance.rest Change-Id: I0b354dda3c7f66da3a5d430839b5007a6a19cfad Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Signed-off-by: Stone <ronald.stone@windriver.com> Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2020-12-07 16:10:59 -05:00
**registry.local:9001/testuser/busybox:latest**
Update admin tasks folder There are some minor modifications in the content of the files Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: If315582a3213d121712c45f2ed5817899b76ded9
2021-03-05 09:23:14 -03:00
.. _kubernetes-admin-tutorials-authentication-and-authorization-d383e87:
Updated Patch Set 5 to include review comments Changed name of file to: admin-application-commands-and-helm-overrides.rst Updated Strings.txt Updated formatting issues: installing-and-running-cpu-manager-for-kubernetes.rst Updated Patch Set 4 to include review comments Admin Tasks Updated Changed name of include file to: isolating-cpu-cores-to-enhance-application-performance.rest Change-Id: I0b354dda3c7f66da3a5d430839b5007a6a19cfad Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Signed-off-by: Stone <ronald.stone@windriver.com> Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2020-12-07 16:10:59 -05:00
---------------------------------
Username and Docker compatibility
---------------------------------
Repository names in Docker registry paths must be lower case. For this reason,
a keystone user must exist that consists of all lower case characters. For
example, the user **testuser** is correct in the following URL, while
**testUser** would result in an error:
**registry.local:9001/testuser/busybox:latest**
Update admin tasks folder There are some minor modifications in the content of the files Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: If315582a3213d121712c45f2ed5817899b76ded9
2021-03-05 09:23:14 -03:00
.. note::
Use of the auto-generated self-signed certificate for the registry
certificate is not recommended. If you must do so, then from the central
cloud/systemController, access to the local registry can only be done using
registry.local:9001. registry.central:9001 will be inaccessible. Installing
a |CA|-signed certificate for the registry and the certificate of the |CA| as
Fixed \_ as the output was not rendering correctly (pick r5 updates only) Fixed Patchset 4 comments Fixed Patchset 3 comments and added additional updates Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Change-Id: I7482afc3a90bbdc94b6ecd8b6ac39d831b8a45db Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2021-10-26 17:31:52 -04:00
an 'ssl_ca' certificate will remove this restriction.
Update admin tasks folder There are some minor modifications in the content of the files Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: If315582a3213d121712c45f2ed5817899b76ded9
2021-03-05 09:23:14 -03:00
Updated Patch Set 5 to include review comments Changed name of file to: admin-application-commands-and-helm-overrides.rst Updated Strings.txt Updated formatting issues: installing-and-running-cpu-manager-for-kubernetes.rst Updated Patch Set 4 to include review comments Admin Tasks Updated Changed name of include file to: isolating-cpu-cores-to-enhance-application-performance.rest Change-Id: I0b354dda3c7f66da3a5d430839b5007a6a19cfad Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Signed-off-by: Stone <ronald.stone@windriver.com> Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2020-12-07 16:10:59 -05:00
For more information about Docker commands, see
`https://docs.docker.com/engine/reference/commandline/docker/ <https://docs.docker.com/engine/reference/commandline/docker/>`__.
Copy Permalink